The Linux Foundation Projects
Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Webinar: Compliant containers with the OSADL Base Image

By legal, licensing, News, Webinar

About This Webinar:

While containers certainly simplify deploying software, fulfilling FOSS license obligations for containers is made difficult by their layered structure and the lack of compliance material in public repositories. Although every container is customized for its particular use and therefore comprises different software components, many are built on a base image that provides essential system components. It seems obvious to apply the Open Source principle of sharing development of non-differentiating technologies and services to license obligations of container base images. Therefore, OSADL offers the OSADL Base Images that are provided together with all required legal information and material needed to be distributed compliantly. A company may build their individual container images on top of the OSADL Docker Base Image and use the provided instructions to fulfill license obligations for the additional software to achieve license compliant container distribution. This presentation explained how the base images and in particular the license compliance material are created, list what flavors, versions and variants are available and show how they can be used to facilitate licensing of individual containers.

Project page: https://www.osadl.org/base-image

Docker Hub: https://hub.docker.com/r/osadl/

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-09-12.

The SBOM Study Group is now the SBOM Work Group

By News

What Is Happening?

The OpenChain SBOM Study Group has covered a lot of ground since it was formed in July 2024. After just over a year of work, and with a detailed examination of what is needed for quality cross-industry Software Bill of Materials, the Governing Board has voted to turn it into a Work Group.

The full details of Study Groups vs Work Groups can be found in our FAQ, but the short version is that a Study Group *thinks* about something, and a Work Group *works* on something.

The SBOM Study Group has prepared detailed conceptual information for a ‘SBOM Document Quality Guide’

The newly formed SBOM Work Group will turn this into a completed, formal OpenChain Guide. You can read about the future guide in detail from a special post we wrote on the subject.

How Can I Help?

The next step is to close all the comments on the draft document… or add your own! You will find it here:

Learn More About This Work Group:

Our SBOM Work Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this work group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

Special Study Group > Work Group FAQ

Q: Does this mean links will change to the mailing list or GitHub repo?

A: No, nothing will change at this time.

Q: Does this mean leadership of the SBOM activity will change?

A: No, nothing will change at this time.

Q: Does this mean all the participants are even cooler than before?

A: Yes.

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-09-10

By News

We Discussed:

Quite a few things! Lead by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair Education Work Group), the call covered the following agenda:

  • OpenChain Project News
  • Open Compliance Summit – Call for Papers
  • Specification Work Group – Some Questions for the Community
  • Education Work Group – Update on Status and Community Work Items
  • Any Other Business?

A reminder for those in Asia – while this edition of the monthly call is happening in the darkest hours of the night (01:30 in Japan!), we also have a monthly Europe / Asia call that works better for those in Eastern time zones. Check out the schedule for this and all our other meetings here:
https://openchainproject.org/participate

Watch the Recording:

Coming Next:

  • A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Asia Sync – 2025-09-11

By News

We held our regular OpenChain AI Work Group Asia Sync on the 11th of September. This meeting focused on reviewing comments around the AI Compliance Guide, which recently completed its public comment period and approval by the Governing Board.

The specific comments addressed were:

  1. https://github.com/OpenChain-Project/Reference-Material/issues/101
  2. https://github.com/OpenChain-Project/Reference-Material/issues/102
  3. https://github.com/OpenChain-Project/Reference-Material/issues/107
  4. https://github.com/OpenChain-Project/Reference-Material/issues/108
  5. https://github.com/OpenChain-Project/Reference-Material/issues/109

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

RECORDING: OpenChain Telco Work Group – September – 2025-09-04

By News

This Meeting Had A Packed Agenda:

Watch the Recording:

Be part of this:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/telco

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/Telco-WG

You are also welcome to participate in any of our other working groups around the world:

OpenChain in the CEN CENELEC CRA Discussion

By News

Thanks to the advocacy of SZ Lin, OpenChain ISO/IEC 18974 has been officially referenced in the EU Cyber Resilience Act (CRA) harmonized standards discussion.

You will find OpenChain ISO/IEC 18974 cited in Slide 67 of the “CRA Standards Unlocked: Unlocking CRA Security Controls: preparation for UNE Event” from CEN CENELEC:
https://www.cencenelec.eu/media/CEN-CENELEC/Events/Webinars/2025/2025-09-08_webinar_unlocking_cra_security_controls_preparation_for_une_event.pdf

We are referenced alongside:
• ISO/EC TR 5895:2022 – Cybersecurity – Multi-party coordinated vulnerability disclosure and handling
• SO/EC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes
• ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure

What this means:

The value of our security standard has been positively recognized by the parties bringing together the official CRA standards / requirements portfolio.

It provides a door to both continue and expand our collaboration in this space. The precise next steps will be determined in collaboration with our community and the governing board.

Ideas welcome!

OpenChain Webinar: Introduction to the Cyber Resilience Act (CRA) @ 17:00 EDT 2025-09-11

By News

Our next webinar will be entitled ‘Introduction to the Cyber Resilience Act (CRA)’ and will be delivered by our very own David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation. This will be a great starting point for people getting up-to-speed around the current situation.

About This Webinar:

The European Union (EU) Cyber Resilience Act (CRA) is a new law that covers almost all “products with digital elements”, including software, released in the EU. Enforcement will begin in 2026, even on organizations who aren’t based in the EU. This presentation will briefly explain the scope and requirements of the CRA. This webinar will be lead by David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation.

We start at 17:00 EDT 2025-09-11. All welcome, no registration needed.

Join here at the start time:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

OpenChain Webinar: Compliant containers with the OSADL Base Image @ 09:00 CEST 2025-09-10

By News

Our next webinar will be entitled ‘Compliant containers with the OSADL Base Image’ and will be delivered by Caren Kresse of OSADL. This will address one of the hottest topics in compliance: “how do you make containers compliant?”

About This Webinar:

While containers certainly simplify deploying software, fulfilling FOSS license obligations for containers is made difficult by their layered structure and the lack of compliance material in public repositories. Although every container is customized for its particular use and therefore comprises different software components, many are built on a base image that provides essential system components. It seems obvious to apply the Open Source principle of sharing development of non-differentiating technologies and services to license obligations of container base images. Therefore, OSADL offers the so called OSADL Base Images that are provided together with all required legal information and material needed to be distributed compliantly. A company may build their individual container images on top of the OSADL Docker Base Image and use the provided instructions to fulfill license obligations for the additional software to achieve license compliant container distribution. This presentation will explain how the base images and in particular the license compliance material are created, list what flavors, versions and variants are available and show how they can be used to facilitate licensing of individual containers.

Project page: https://www.osadl.org/base-image
Docker Hub: https://hub.docker.com/r/osadl/

We start at 09:00 CEST 2025-09-10. All welcome, no registration needed.

Join here at the start time:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

SBOM Study Group > Developing a New Guide to SBOM Quality – What’s Next?

By News

There was a significant market impact with the release of Version 1.1 of the Telco SBOM Quality Guide:
https://openchainproject.org/featured/2025/05/09/openchain-telco-sbom-guide-version-1-1-now-available

This lead to discussions about how we can make an explicitly cross-industry guide covering the topics of *how* we determine what is quality, and *how* we manage this across multiple industries. This lead to the development of a ”thinking” document considering how a cross-industry, cross-format SBOM quality could be structured:
https://github.com/OpenChain-Project/SBOM-sg/blob/main/Cross-Industry-SBOM-Quality-Guide/en/Cross-Industry-SBOM-Quality-Guide.md

As of last week, permission was given by the OpenChain Governing Board for the SBOM Study Group to turn into a full OpenChain Work Group, and to explicitly work on turning the thinking document into an official OpenChain guide for everyone. The formal announcement regarding the SBOM Study Group evolution will be made later this week, and meanwhile, you can check out a detailed presentation on the topic of a cross-industry SBOM Quality Guide in the slides below.

Check Out The Slides:

Learn More About This Study (and soon Work) Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-09-02

By News

We held our regular OpenChain AI Work Group meeting for North America and Europe on the 2nd of September. This meeting focused on reviewing comments around the AI Compliance Guide, which recently completed its public comment period and approval by the Governing Board.

The specific comments addressed were:

  1. https://github.com/OpenChain-Project/Reference-Material/issues/101
  2. https://github.com/OpenChain-Project/Reference-Material/issues/102
  3. https://github.com/OpenChain-Project/Reference-Material/issues/107
  4. https://github.com/OpenChain-Project/Reference-Material/issues/108
  5. https://github.com/OpenChain-Project/Reference-Material/issues/109

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate